September 14, 2015

This PowerShell script searches Active Directory domain joined computers and servers, gets information about services and provides a report about service accounts. It shows services that are run by any active directory account or by any local account.

The report includes System Name, Name of Service, service account that runs the service, StartMode and actual service State.

At the end of script you will see Script Summary. Script results can be exported to CSV file by -File parameter.

September 1, 2015

Hello. Today I will cover interesting topic. I asked myself how to manage Active Directory using PowerShell in case if your AD role is installed on Windows Server 2003 (2003 R2) or even 2008 (any Service Pack but not R2).

You have to install Active Directory Web Services to manage AD using PowerShell in this case. Here the challenge comes up. Important hotfix (KB969166) is required but it is not available to download. As result it is not possible to deploy ADWS and you get following error message in KB968934.log during installation:

FileVersion of C:\WINDOWS\Assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\3.5.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll is Less Than 3.5.30729.4126

If you go to "C:\WINDOWS\Assembly" folder you will see that it is not possible to locate GAC_MSIL folder. It is another story and workaround I will describe a bit later. Let's check System.DirectoryServices.AccountManagement.dll version. It shows 3.5.30729.1. This component was installed by required .NET Framework 3.5 SP1.

Workaround is actually to get access to GAC_MSIL folder and replace System.DirectoryServices.AccountManagement.dll file with never version to complete installation process. Obviously it is not supported way but it works. Supported and much more easiest way I will show at the end of this post.

To show folder structure under C:\WINDOWS\Assembly path you have to do following steps:

When you are able to jump to dll file you can simply replace it with any newer version. I took it from my Windows 8.1 workstation (3.5.30729.70903). Then ADWS installation successfully completed and you can run Active Directory PowerShell module from any domain-joined workstation using RSAT.

I was really surprised when I downloaded Quest PowerShell module and could successfully run scripts against the same Active Directory without ADWS installed. One more great note that I was able to install Dell (Quest) AD PowerShell even on Windows Server 2003.

Here is PowerShell script that I actually wanted to run against Windows Server 2003 Domain Controller:

It will query AD groups with mail attribute only and provide membership report. The results will be exported to CSV file. 9/9/2015 Update. KB969166 can be downloaded here. By the way Quest PowerShell tools can be virtualized as portable app via Cameyo I have it portable with 52MB in size.